This week, new security risks in popular plugins and themes, including Avada and Really Simple SSL, came to light.

Our latest blog post also covers Elementor vulnerabilities and offers ways to mitigate threats and protect your site.

The following plugins and themes, while not critically compromised, affect millions of sites, and you might likely be using 1 of them.

String Locator Plugin
PHP Object Injection; 7.2/10; Update to v2.6.7+

The Events Calendar Plugin
XSS; 6.5/10; Update to v6.9.1+

Betheme Theme
XSS; 6.5/10; Update to v27.6.2+

Prime Slider – Addons For Elementor Plugin
XSS; 6.5/10; Update to v3.16.6+

Stackable Plugin
XSS; 6.5/10; Update to v3.13.12+

JetElements For Elementor Plugin
XSS; 6.5/10; Update to v2.7.3+

Avada Theme
Broken Access Control; 5.3/10; Update to v7.11.11+

Really Simple SSL Plugin
CSRF; 4.3/10; Update to v9.2.0+

Starter Templates Plugin
CSRF; 4.3/10; Update to v4.4.10+

FluentSMTP Plugin
CSRF; 4.3/10; Update to v2.2.81+

Editor Comment
It’s worth taking a few minutes each week to perform a sites review to catch issues early and wherever possible, use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

These plugins and themes may have lower usage, but they bring extremely high risks.

WPBot Pro WordPress Chatbot Plugin
Arbitrary File Upload; 10/10; Update to v13.5.6+

RealHomes Theme
Privilege Escalation; 9.8/10; No fix; Remove/or replace.

AdForest Theme
Broken Authentication; 9.8/10; Update to v5.1.9+

GamiPress Plugin
SQL Injection; 9.3/10; Update to v7.2.2+

Product Table by WBW Plugin
SQL Injection; 9.3/10; Update to v2.1.3+

Editor Comment
It’s worth taking a few minutes each week to perform a sites review to catch issues early and wherever possible, use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

#3 – Our blog: Protect Your Site from Elementor Security Risks

Tools like Elementor, while trusted, can still face security issues. That’s why it’s important to not only rely on updates but also take extra precautions to protect from emerging threats.

Explore what steps you can take to strengthen your site.

More Info →

Thanks for reading, and have a wonderful week!

Paul Goodchild
Shield Security for WordPress